Q&A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.
CSRF prevention - AJAX, CORS | 108 | 4 | ethicalhack3r | 05/17/2013 03:28PM Last Post by Gareth Heyes
Explain CSRF | 1,221 | 6 | mpour | 09/24/2012 09:06AM Last Post by Juggernaut
iframe form pushing | 1,386 | 4 | Kyran | 05/29/2012 10:12AM Last Post by Jean Pascal Pereira
formamil.pl javascript alert tag plus html alert tag within javascript tag | 1,139 | 2 | johndoe | 02/06/2012 01:51PM Last Post by PaPPy
sslstrip why it works for me and not for gmail and rest? | 1,514 | 4 | lazer | 01/25/2012 01:05PM Last Post by lazer
Twitter oauth tokens now what? | 836 | 3 | RonPaul | 01/19/2012 05:14PM Last Post by RonPaul
CSRF tokens | 1,129 | 2 | securitysrinivas | 01/03/2012 03:27AM Last Post by Gareth Heyes
How bypass CSRF protections | 1,811 | 5 | the_master | 07/06/2011 03:16PM Last Post by the_master
forging subdomain referer headers | 1,833 | 11 | Albino | 06/08/2011 10:03PM Last Post by Albino
Cpanel Password | 1,671 | 1 | the_storm | 01/25/2011 09:16PM Last Post by the_storm
Detecting CSRF with static analysis | 2,020 | 14 | database | 01/07/2011 07:54PM Last Post by Kyo
Javascript SOP bypassing | 1,675 | 2 | Jean Pascal Pereira | 09/19/2010 04:30PM Last Post by Skyphire
alternatives to session fixation? | 1,405 | 3 | Albino | 06/28/2010 11:09AM Last Post by Reiners
HTTP split / CRLF attack | 2,282 | 1 | rickm | 06/01/2010 10:49AM Last Post by rickm
JSON help | 1,406 | 3 | zatoichi | 05/18/2010 02:01AM Last Post by zatoichi
Authenticating a victim under an attacker's credentials | 1,310 | 4 | clayfox | 05/14/2010 09:26AM Last Post by clayfox
Can Referer be forged via CSRF over HTTP, or on recent browsers? | 3,641 | 10 | bimn | 04/29/2010 04:02PM Last Post by Kyo
javascript hijacking | 2,571 | 18 | clayfox | 03/23/2010 11:07AM Last Post by Gareth Heyes
hacking ASP session state | 1,627 | 3 | bflavor2 | 03/18/2010 09:45PM Last Post by RonPaul
NTLMAps, Paros, Burp Breaking during NTLM authentication | 2,061 | 1 | zatoichi | 03/04/2010 11:47PM Last Post by zatoichi
Price input 'hack' | 1,655 | 3 | _Andy | 02/26/2010 03:02AM Last Post by _Andy
A potentially dangerous Request.QueryString value was detected | 2,124 | 5 | asilvermtzion | 02/01/2010 08:19AM Last Post by PaPPy
Data encoding - crackable? | 1,747 | 9 | Perow | 01/31/2010 06:58PM Last Post by cykyc
anti-CSRF token implemented only in the cookie | 2,724 | 6 | joel | 01/29/2010 08:16AM Last Post by clayfox
how i found a CSRF Bug ? | 1,969 | 7 | the_master | 01/18/2010 09:25AM Last Post by thornmaker
Firefox Multi-lined Address Phishing | 1,834 | 7 | p0deje | 01/15/2010 05:36AM Last Post by p0deje
browser protocol hacks | 2,208 | 6 | clayfox | 12/05/2009 11:50AM Last Post by timb
Respecting Host Headers | 1,492 | 2 | marshmellow1328 | 12/03/2009 12:02AM Last Post by barbarianbob
Decloaking an internal IP | 1,779 | 4 | lat | 11/24/2009 09:12AM Last Post by PaPPy
CSRF, problem with HTTP_REFERER | 1,892 | 6 | XaDoS | 11/15/2009 06:19AM Last Post by Ams